horde3: multiple vulnerabilities
| Package(s): | horde3 | CVE #(s): | CVE-2006-3548 CVE-2006-3549 CVE-2006-4256 CVE-2007-1473 CVE-2007-1474 |
| Created: | November 12, 2007 | Updated: | November 14, 2007 |

Description: From the Debian advisory:

Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3548: Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

CVE-2006-3549: Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy.

CVE-2006-4256: Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks.

CVE-2007-1473: Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

CVE-2007-1474: iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
